Digital Forensics of Microsoft Office 2007-2013 Documents to Prevent Covert Communication

  • Fu, Zhangjie (College of Computer and Software & Jiangsu Engineering Center of Network Monitoring, Nanjing University of Information Science and Technology)
  • Sun, Xingming (College of Computer and Software & Jiangsu Engineering Center of Network Monitoring, Nanjing University of Information Science and Technology)
  • Xi, Jie (College of Computer and Software & Jiangsu Engineering Center of Network Monitoring, Nanjing University of Information Science and Technology)
  • Received : 2013.06.20
  • Accepted : 2015.05.31
  • Published : 2015.10.31

Abstract

The MS Office suite is the most widely used office software in the world and has absolute predominance in the office software market. MS Office 2007-2013 documents, which use the new Office Open XML (OOXML) format, could be illegally used by offenders as cover media to transmit secret information, because they do not easily arouse others' suspicion. Based on a study of the potential information hiding methods, this paper proposes nine forensic methods and an integrated forensic tool for OOXML format documents. The proposed forensic methods and tool cover three categories: document structure, document content, and document format. The aim is to prevent covert communication and provide security detection technology for electronic documents downloaded by users. The proposed methods can prevent the damage caused by secret information embedded by offenders. Extensive experiments based on a real data set demonstrate the effectiveness of the proposed methods.

Acknowledgement

Supported by : NSFC
